]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - security/apparmor/apparmorfs.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:


5786cca3911a2b19b3217b283cb16aee32c664ce
[mirror_ubuntu-zesty-kernel.git] / security / apparmor / apparmorfs.c
1 /*
2 * AppArmor security module
3 *
4 * This file contains AppArmor /sys/kernel/security/apparmor interface functions
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15 #include <linux/ctype.h>
16 #include <linux/security.h>
17 #include <linux/vmalloc.h>
18 #include <linux/module.h>
19 #include <linux/seq_file.h>
20 #include <linux/uaccess.h>
21 #include <linux/mount.h>
22 #include <linux/namei.h>
23 #include <linux/capability.h>
24 #include <linux/rcupdate.h>
25 #include <uapi/linux/major.h>
26 #include <linux/fs.h>
27
28 #include "include/apparmor.h"
29 #include "include/apparmorfs.h"
30 #include "include/audit.h"
31 #include "include/context.h"
32 #include "include/crypto.h"
33 #include "include/ipc.h"
34 #include "include/policy_ns.h"
35 #include "include/label.h"
36 #include "include/policy.h"
37 #include "include/resource.h"
38 #include "include/label.h"
39 #include "include/lib.h"
40 #include "include/policy_unpack.h"
41
42 /**
43 * aa_mangle_name - mangle a profile name to std profile layout form
44 * @name: profile name to mangle (NOT NULL)
45 * @target: buffer to store mangled name, same length as @name (MAYBE NULL)
46 *
47 * Returns: length of mangled name
48 */
49 static int mangle_name(const char *name, char *target)
50 {
51 char *t = target;
52
53 while (*name == '/' || *name == '.')
54 name++;
55
56 if (target) {
57 for (; *name; name++) {
58 if (*name == '/')
59 *(t)++ = '.';
60 else if (isspace(*name))
61 *(t)++ = '_';
62 else if (isalnum(*name) || strchr("._-", *name))
63 *(t)++ = *name;
64 }
65
66 *t = 0;
67 } else {
68 int len = 0;
69 for (; *name; name++) {
70 if (isalnum(*name) || isspace(*name) ||
71 strchr("/._-", *name))
72 len++;
73 }
74
75 return len;
76 }
77
78 return t - target;
79 }
80
81 /**
82 * aa_simple_write_to_buffer - common routine for getting policy from user
83 * @userbuf: user buffer to copy data from (NOT NULL)
84 * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
85 * @copy_size: size of data to copy from user buffer
86 * @pos: position write is at in the file (NOT NULL)
87 *
88 * Returns: kernel buffer containing copy of user buffer data or an
89 * ERR_PTR on failure.
90 */
91 static struct aa_loaddata *aa_simple_write_to_buffer(const char __user *userbuf,
92 size_t alloc_size,
93 size_t copy_size,
94 loff_t *pos)
95 {
96 struct aa_loaddata *data;
97
98 BUG_ON(copy_size > alloc_size);
99
100 if (*pos != 0)
101 /* only writes from pos 0, that is complete writes */
102 return ERR_PTR(-ESPIPE);
103
104 /* freed by caller to simple_write_to_buffer */
105 data = kvmalloc(sizeof(*data) + alloc_size);
106 if (data == NULL)
107 return ERR_PTR(-ENOMEM);
108 kref_init(&data->count);
109 data->size = copy_size;
110 data->hash = NULL;
111 data->abi = 0;
112
113 if (copy_from_user(data->data, userbuf, copy_size)) {
114 kvfree(data);
115 return ERR_PTR(-EFAULT);
116 }
117
118 return data;
119 }
120
121 static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
122 loff_t *pos, struct aa_ns *ns)
123 {
124 struct aa_label *label;
125 ssize_t error;
126 struct aa_loaddata *data;
127
128 label = aa_begin_current_label(DO_UPDATE);
129
130 /* high level check about policy management - fine grained in
131 * below after unpack
132 */
133 error = aa_may_manage_policy(label, ns, mask);
134 if (error)
135 return error;
136
137 data = aa_simple_write_to_buffer(buf, size, size, pos);
138 error = PTR_ERR(data);
139 if (!IS_ERR(data)) {
140 error = aa_replace_profiles(ns ? ns : labels_ns(label), label,
141 mask, data);
142 aa_put_loaddata(data);
143 }
144 aa_end_current_label(label);
145
146 return error;
147 }
148
149 /* .load file hook fn to load policy */
150 static ssize_t profile_load(struct file *f, const char __user *buf, size_t size,
151 loff_t *pos)
152 {
153 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
154 int error = policy_update(AA_MAY_LOAD_POLICY, buf, size, pos, ns);
155 aa_put_ns(ns);
156
157 return error;
158 }
159
160 static const struct file_operations aa_fs_profile_load = {
161 .write = profile_load,
162 .llseek = default_llseek,
163 };
164
165 /* .replace file hook fn to load and/or replace policy */
166 static ssize_t profile_replace(struct file *f, const char __user *buf,
167 size_t size, loff_t *pos)
168 {
169 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
170 int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
171 buf, size, pos, ns);
172 aa_put_ns(ns);
173
174 return error;
175 }
176
177 static const struct file_operations aa_fs_profile_replace = {
178 .write = profile_replace,
179 .llseek = default_llseek,
180 };
181
182 /* .remove file hook fn to remove loaded policy */
183 static ssize_t profile_remove(struct file *f, const char __user *buf,
184 size_t size, loff_t *pos)
185 {
186 struct aa_loaddata *data;
187 struct aa_label *label;
188 ssize_t error;
189 struct aa_ns *ns = aa_get_ns(f->f_inode->i_private);
190
191 label = aa_begin_current_label(DO_UPDATE);
192 /* high level check about policy management - fine grained in
193 * below after unpack
194 */
195 error = aa_may_manage_policy(label, ns, AA_MAY_REMOVE_POLICY);
196 if (error)
197 goto out;
198
199 /*
200 * aa_remove_profile needs a null terminated string so 1 extra
201 * byte is allocated and the copied data is null terminated.
202 */
203 data = aa_simple_write_to_buffer(buf, size + 1, size, pos);
204
205 error = PTR_ERR(data);
206 if (!IS_ERR(data)) {
207 data->data[size] = 0;
208 error = aa_remove_profiles(ns ? ns : labels_ns(label), label,
209 data->data, size);
210 aa_put_loaddata(data);
211 }
212 out:
213 aa_end_current_label(label);
214 aa_put_ns(ns);
215 return error;
216 }
217
218 static const struct file_operations aa_fs_profile_remove = {
219 .write = profile_remove,
220 .llseek = default_llseek,
221 };
222
223
224 static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
225 const char *match_str, size_t match_len)
226 {
227 struct aa_perms tmp;
228 struct aa_dfa *dfa;
229 unsigned int state = 0;
230
231 if (profile_unconfined(profile))
232 return;
233 if (profile->file.dfa && *match_str == AA_CLASS_FILE) {
234 dfa = profile->file.dfa;
235 state = aa_dfa_match_len(dfa, profile->file.start,
236 match_str + 1, match_len - 1);
237 tmp = nullperms;
238 if (state) {
239 struct path_cond cond = { };
240 tmp = aa_compute_fperms(dfa, state, &cond);
241 }
242 } else if (profile->policy.dfa) {
243 if (!PROFILE_MEDIATES_SAFE(profile, *match_str))
244 return; /* no change to current perms */
245 dfa = profile->policy.dfa;
246 state = aa_dfa_match_len(dfa, profile->policy.start[0],
247 match_str, match_len);
248 if (state)
249 aa_compute_perms(dfa, state, &tmp);
250 else
251 tmp = nullperms;
252 }
253 aa_apply_modes_to_perms(profile, &tmp);
254 aa_perms_accum_raw(perms, &tmp);
255 }
256
257 /**
258 * query_data - queries a policy and writes its data to buf
259 * @buf: the resulting data is stored here (NOT NULL)
260 * @buf_len: size of buf
261 * @query: query string used to retrieve data
262 * @query_len: size of query including second NUL byte
263 *
264 * The buffers pointed to by buf and query may overlap. The query buffer is
265 * parsed before buf is written to.
266 *
267 * The query should look like "<LABEL>\0<KEY>\0", where <LABEL> is the name of
268 * the security confinement context and <KEY> is the name of the data to
269 * retrieve. <LABEL> and <KEY> must not be NUL-terminated.
270 *
271 * Don't expect the contents of buf to be preserved on failure.
272 *
273 * Returns: number of characters written to buf or -errno on failure
274 */
275 static ssize_t query_data(char *buf, size_t buf_len,
276 char *query, size_t query_len)
277 {
278 char *out;
279 const char *key;
280 struct label_it i;
281 struct aa_label *label, *curr;
282 struct aa_profile *profile;
283 struct aa_data *data;
284 u32 bytes;
285 u32 blocks;
286 u32 size;
287
288 if (!query_len)
289 return -EINVAL; /* need a query */
290
291 key = query + strnlen(query, query_len) + 1;
292 if (key + 1 >= query + query_len)
293 return -EINVAL; /* not enough space for a non-empty key */
294 if (key + strnlen(key, query + query_len - key) >= query + query_len)
295 return -EINVAL; /* must end with NUL */
296
297 if (buf_len < sizeof(bytes) + sizeof(blocks))
298 return -EINVAL; /* not enough space */
299
300 curr = aa_begin_current_label(DO_UPDATE);
301 label = aa_label_parse(curr, query, GFP_KERNEL, false, false);
302 aa_end_current_label(curr);
303 if (IS_ERR(label))
304 return PTR_ERR(label);
305
306 /* We are going to leave space for two numbers. The first is the total
307 * number of bytes we are writing after the first number. This is so
308 * users can read the full output without reallocation.
309 *
310 * The second number is the number of data blocks we're writing. An
311 * application might be confined by multiple policies having data in
312 * the same key.
313 */
314 memset(buf, 0, sizeof(bytes) + sizeof(blocks));
315 out = buf + sizeof(bytes) + sizeof(blocks);
316
317 blocks = 0;
318 label_for_each_confined(i, label, profile) {
319 if (!profile->data)
320 continue;
321
322 data = rhashtable_lookup_fast(profile->data, &key,
323 profile->data->p);
324
325 if (data) {
326 if (out + sizeof(size) + data->size > buf + buf_len) {
327 aa_put_label(label);
328 return -EINVAL; /* not enough space */
329 }
330 size = __cpu_to_le32(data->size);
331 memcpy(out, &size, sizeof(size));
332 out += sizeof(size);
333 memcpy(out, data->data, data->size);
334 out += data->size;
335 blocks++;
336 }
337 }
338 aa_put_label(label);
339
340 bytes = out - buf - sizeof(bytes);
341 bytes = __cpu_to_le32(bytes);
342 blocks = __cpu_to_le32(blocks);
343 memcpy(buf, &bytes, sizeof(bytes));
344 memcpy(buf + sizeof(bytes), &blocks, sizeof(blocks));
345
346 return out - buf;
347 }
348
349 /**
350 * query_label - queries a label and writes permissions to buf
351 * @buf: the resulting permissions string is stored here (NOT NULL)
352 * @buf_len: size of buf
353 * @query: binary query string to match against the dfa
354 * @query_len: size of query
355 *
356 * The buffers pointed to by buf and query may overlap. The query buffer is
357 * parsed before buf is written to.
358 *
359 * The query should look like "LABEL_NAME\0DFA_STRING" where LABEL_NAME is
360 * the name of the label, in the current namespace, that is to be queried and
361 * DFA_STRING is a binary string to match against the label(s)'s DFA.
362 *
363 * LABEL_NAME must be NUL terminated. DFA_STRING may contain NUL characters
364 * but must *not* be NUL terminated.
365 *
366 * Returns: number of characters written to buf or -errno on failure
367 */
368 static ssize_t query_label(char *buf, size_t buf_len,
369 char *query, size_t query_len, bool ns_only)
370 {
371 struct aa_profile *profile;
372 struct aa_label *label, *curr;
373 char *label_name, *match_str;
374 size_t label_name_len, match_len;
375 struct aa_perms perms;
376 struct label_it i;
377
378 if (!query_len)
379 return -EINVAL;
380
381 label_name = query;
382 label_name_len = strnlen(query, query_len);
383 if (!label_name_len || label_name_len == query_len)
384 return -EINVAL;
385
386 /**
387 * The extra byte is to account for the null byte between the
388 * profile name and dfa string. profile_name_len is greater
389 * than zero and less than query_len, so a byte can be safely
390 * added or subtracted.
391 */
392 match_str = label_name + label_name_len + 1;
393 match_len = query_len - label_name_len - 1;
394
395 curr = aa_begin_current_label(DO_UPDATE);
396 label = aa_label_parse(curr, label_name, GFP_KERNEL, false, false);
397 aa_end_current_label(curr);
398 if (IS_ERR(label))
399 return PTR_ERR(label);
400
401 perms = allperms;
402 if (ns_only) {
403 label_for_each_in_ns(i, labels_ns(label), label, profile) {
404 profile_query_cb(profile, &perms, match_str, match_len);
405 }
406 } else {
407 label_for_each(i, label, profile) {
408 profile_query_cb(profile, &perms, match_str, match_len);
409 }
410 }
411 aa_put_label(label);
412
413 return scnprintf(buf, buf_len,
414 "allow 0x%08x\ndeny 0x%08x\naudit 0x%08x\nquiet 0x%08x\n",
415 perms.allow, perms.deny, perms.audit, perms.quiet);
416 }
417
418 #define QUERY_CMD_LABEL "label\0"
419 #define QUERY_CMD_LABEL_LEN 6
420 #define QUERY_CMD_PROFILE "profile\0"
421 #define QUERY_CMD_PROFILE_LEN 8
422 #define QUERY_CMD_LABELALL "labelall\0"
423 #define QUERY_CMD_LABELALL_LEN 9
424 #define QUERY_CMD_DATA "data\0"
425 #define QUERY_CMD_DATA_LEN 5
426
427 /**
428 * aa_write_access - generic permissions and data query
429 * @file: pointer to open apparmorfs/access file
430 * @ubuf: user buffer containing the complete query string (NOT NULL)
431 * @count: size of ubuf
432 * @ppos: position in the file (MUST BE ZERO)
433 *
434 * Allows for one permissions or data query per open(), write(), and read()
435 * sequence. The only queries currently supported are label-based queries for
436 * permissions or data.
437 *
438 * For permissions queries, ubuf must begin with "label\0", followed by the
439 * profile query specific format described in the query_label() function
440 * documentation.
441 *
442 * For data queries, ubuf must have the form "data\0<LABEL>\0<KEY>\0", where
443 * <LABEL> is the name of the security confinement context and <KEY> is the
444 * name of the data to retrieve.
445 *
446 * Returns: number of bytes written or -errno on failure
447 */
448 static ssize_t aa_write_access(struct file *file, const char __user *ubuf,
449 size_t count, loff_t *ppos)
450 {
451 char *buf;
452 ssize_t len;
453
454 if (*ppos)
455 return -ESPIPE;
456
457 buf = simple_transaction_get(file, ubuf, count);
458 if (IS_ERR(buf))
459 return PTR_ERR(buf);
460
461 if (count > QUERY_CMD_PROFILE_LEN &&
462 !memcmp(buf, QUERY_CMD_PROFILE, QUERY_CMD_PROFILE_LEN)) {
463 len = query_label(buf, SIMPLE_TRANSACTION_LIMIT,
464 buf + QUERY_CMD_PROFILE_LEN,
465 count - QUERY_CMD_PROFILE_LEN, true);
466 } else if (count > QUERY_CMD_LABEL_LEN &&
467 !memcmp(buf, QUERY_CMD_LABEL, QUERY_CMD_LABEL_LEN)) {
468 len = query_label(buf, SIMPLE_TRANSACTION_LIMIT,
469 buf + QUERY_CMD_LABEL_LEN,
470 count - QUERY_CMD_LABEL_LEN, true);
471 } else if (count > QUERY_CMD_LABELALL_LEN &&
472 !memcmp(buf, QUERY_CMD_LABELALL, QUERY_CMD_LABELALL_LEN)) {
473 len = query_label(buf, SIMPLE_TRANSACTION_LIMIT,
474 buf + QUERY_CMD_LABELALL_LEN,
475 count - QUERY_CMD_LABELALL_LEN, false);
476 } else if (count > QUERY_CMD_DATA_LEN &&
477 !memcmp(buf, QUERY_CMD_DATA, QUERY_CMD_DATA_LEN)) {
478 len = query_data(buf, SIMPLE_TRANSACTION_LIMIT,
479 buf + QUERY_CMD_DATA_LEN,
480 count - QUERY_CMD_DATA_LEN);
481 } else
482 len = -EINVAL;
483
484 if (len < 0)
485 return len;
486
487 simple_transaction_set(file, len);
488
489 return count;
490 }
491
492 static const struct file_operations aa_fs_access = {
493 .write = aa_write_access,
494 .read = simple_transaction_read,
495 .release = simple_transaction_release,
496 .llseek = generic_file_llseek,
497 };
498
499 static int aa_fs_seq_show(struct seq_file *seq, void *v)
500 {
501 struct aa_fs_entry *fs_file = seq->private;
502
503 if (!fs_file)
504 return 0;
505
506 switch (fs_file->v_type) {
507 case AA_FS_TYPE_BOOLEAN:
508 seq_printf(seq, "%s\n", fs_file->v.boolean ? "yes" : "no");
509 break;
510 case AA_FS_TYPE_STRING:
511 seq_printf(seq, "%s\n", fs_file->v.string);
512 break;
513 case AA_FS_TYPE_U64:
514 seq_printf(seq, "%#08lx\n", fs_file->v.u64);
515 break;
516 default:
517 /* Ignore unpritable entry types. */
518 break;
519 }
520
521 return 0;
522 }
523
524 static int aa_fs_seq_open(struct inode *inode, struct file *file)
525 {
526 return single_open(file, aa_fs_seq_show, inode->i_private);
527 }
528
529 const struct file_operations aa_fs_seq_file_ops = {
530 .owner = THIS_MODULE,
531 .open = aa_fs_seq_open,
532 .read = seq_read,
533 .llseek = seq_lseek,
534 .release = single_release,
535 };
536
537 static int aa_fs_seq_profile_open(struct inode *inode, struct file *file,
538 int (*show)(struct seq_file *, void *))
539 {
540 struct aa_proxy *proxy = aa_get_proxy(inode->i_private);
541 int error = single_open(file, show, proxy);
542
543 if (error) {
544 file->private_data = NULL;
545 aa_put_proxy(proxy);
546 }
547
548 return error;
549 }
550
551 static int aa_fs_seq_profile_release(struct inode *inode, struct file *file)
552 {
553 struct seq_file *seq = (struct seq_file *) file->private_data;
554 if (seq)
555 aa_put_proxy(seq->private);
556 return single_release(inode, file);
557 }
558
559 static int aa_fs_seq_profname_show(struct seq_file *seq, void *v)
560 {
561 struct aa_proxy *proxy = seq->private;
562 struct aa_label *label = aa_get_label_rcu(&proxy->label);
563 struct aa_profile *profile = labels_profile(label);
564 seq_printf(seq, "%s\n", profile->base.name);
565 aa_put_label(label);
566
567 return 0;
568 }
569
570 static int aa_fs_seq_profname_open(struct inode *inode, struct file *file)
571 {
572 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profname_show);
573 }
574
575 static const struct file_operations aa_fs_profname_fops = {
576 .owner = THIS_MODULE,
577 .open = aa_fs_seq_profname_open,
578 .read = seq_read,
579 .llseek = seq_lseek,
580 .release = aa_fs_seq_profile_release,
581 };
582
583 static int aa_fs_seq_profmode_show(struct seq_file *seq, void *v)
584 {
585 struct aa_proxy *proxy = seq->private;
586 struct aa_label *label = aa_get_label_rcu(&proxy->label);
587 struct aa_profile *profile = labels_profile(label);
588 seq_printf(seq, "%s\n", aa_profile_mode_names[profile->mode]);
589 aa_put_label(label);
590
591 return 0;
592 }
593
594 static int aa_fs_seq_profmode_open(struct inode *inode, struct file *file)
595 {
596 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profmode_show);
597 }
598
599 static const struct file_operations aa_fs_profmode_fops = {
600 .owner = THIS_MODULE,
601 .open = aa_fs_seq_profmode_open,
602 .read = seq_read,
603 .llseek = seq_lseek,
604 .release = aa_fs_seq_profile_release,
605 };
606
607 static int aa_fs_seq_profattach_show(struct seq_file *seq, void *v)
608 {
609 struct aa_proxy *proxy = seq->private;
610 struct aa_label *label = aa_get_label_rcu(&proxy->label);
611 struct aa_profile *profile = labels_profile(label);
612 if (profile->attach)
613 seq_printf(seq, "%s\n", profile->attach);
614 else if (profile->xmatch)
615 seq_puts(seq, "<unknown>\n");
616 else
617 seq_printf(seq, "%s\n", profile->base.name);
618 aa_put_label(label);
619
620 return 0;
621 }
622
623 static int aa_fs_seq_profattach_open(struct inode *inode, struct file *file)
624 {
625 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_profattach_show);
626 }
627
628 static const struct file_operations aa_fs_profattach_fops = {
629 .owner = THIS_MODULE,
630 .open = aa_fs_seq_profattach_open,
631 .read = seq_read,
632 .llseek = seq_lseek,
633 .release = aa_fs_seq_profile_release,
634 };
635
636 static int aa_fs_seq_hash_show(struct seq_file *seq, void *v)
637 {
638 struct aa_proxy *proxy = seq->private;
639 struct aa_label *label = aa_get_label_rcu(&proxy->label);
640 struct aa_profile *profile = labels_profile(label);
641 unsigned int i, size = aa_hash_size();
642
643 if (profile->hash) {
644 for (i = 0; i < size; i++)
645 seq_printf(seq, "%.2x", profile->hash[i]);
646 seq_puts(seq, "\n");
647 }
648 aa_put_label(label);
649
650 return 0;
651 }
652
653 static int aa_fs_seq_hash_open(struct inode *inode, struct file *file)
654 {
655 return single_open(file, aa_fs_seq_hash_show, inode->i_private);
656 }
657
658 static const struct file_operations aa_fs_seq_hash_fops = {
659 .owner = THIS_MODULE,
660 .open = aa_fs_seq_hash_open,
661 .read = seq_read,
662 .llseek = seq_lseek,
663 .release = single_release,
664 };
665
666 static int aa_fs_seq_show_stacked(struct seq_file *seq, void *v)
667 {
668 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
669 seq_printf(seq, "%s\n", label->size > 1 ? "yes" : "no");
670 aa_end_current_label(label);
671
672 return 0;
673 }
674
675 static int aa_fs_seq_open_stacked(struct inode *inode, struct file *file)
676 {
677 return single_open(file, aa_fs_seq_show_stacked, inode->i_private);
678 }
679
680 static const struct file_operations aa_fs_stacked = {
681 .owner = THIS_MODULE,
682 .open = aa_fs_seq_open_stacked,
683 .read = seq_read,
684 .llseek = seq_lseek,
685 .release = single_release,
686 };
687
688 static int aa_fs_seq_show_ns_stacked(struct seq_file *seq, void *v)
689 {
690 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
691 struct aa_profile *profile;
692 struct label_it it;
693 int count = 1;
694
695 if (label->size > 1) {
696 label_for_each(it, label, profile)
697 if (profile->ns != labels_ns(label)) {
698 count++;
699 break;
700 }
701 }
702
703 seq_printf(seq, "%s\n", count > 1 ? "yes" : "no");
704 aa_end_current_label(label);
705
706 return 0;
707 }
708
709 static int aa_fs_seq_open_ns_stacked(struct inode *inode, struct file *file)
710 {
711 return single_open(file, aa_fs_seq_show_ns_stacked, inode->i_private);
712 }
713
714 static const struct file_operations aa_fs_ns_stacked = {
715 .owner = THIS_MODULE,
716 .open = aa_fs_seq_open_ns_stacked,
717 .read = seq_read,
718 .llseek = seq_lseek,
719 .release = single_release,
720 };
721
722 static int aa_fs_seq_show_ns_level(struct seq_file *seq, void *v)
723 {
724 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
725 seq_printf(seq, "%d\n", labels_ns(label)->level);
726 aa_end_current_label(label);
727
728 return 0;
729 }
730
731 static int aa_fs_seq_open_ns_level(struct inode *inode, struct file *file)
732 {
733 return single_open(file, aa_fs_seq_show_ns_level, inode->i_private);
734 }
735
736 static const struct file_operations aa_fs_ns_level = {
737 .owner = THIS_MODULE,
738 .open = aa_fs_seq_open_ns_level,
739 .read = seq_read,
740 .llseek = seq_lseek,
741 .release = single_release,
742 };
743
744 static int aa_fs_seq_show_ns_name(struct seq_file *seq, void *v)
745 {
746 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
747 seq_printf(seq, "%s\n", labels_ns(label)->base.name);
748 aa_end_current_label(label);
749
750 return 0;
751 }
752
753 static int aa_fs_seq_open_ns_name(struct inode *inode, struct file *file)
754 {
755 return single_open(file, aa_fs_seq_show_ns_name, inode->i_private);
756 }
757
758 static const struct file_operations aa_fs_ns_name = {
759 .owner = THIS_MODULE,
760 .open = aa_fs_seq_open_ns_name,
761 .read = seq_read,
762 .llseek = seq_lseek,
763 .release = single_release,
764 };
765
766 static int rawdata_release(struct inode *inode, struct file *file)
767 {
768 /* TODO: switch to loaddata when profile switched to symlink */
769 aa_put_loaddata(file->private_data);
770
771 return 0;
772 }
773
774 static int aa_fs_seq_raw_abi_show(struct seq_file *seq, void *v)
775 {
776 struct aa_proxy *proxy = seq->private;
777 struct aa_label *label = aa_get_label_rcu(&proxy->label);
778 struct aa_profile *profile = labels_profile(label);
779
780 if (profile->rawdata->abi) {
781 seq_printf(seq, "v%d", profile->rawdata->abi);
782 seq_puts(seq, "\n");
783 }
784 aa_put_label(label);
785
786 return 0;
787 }
788
789 static int aa_fs_seq_raw_abi_open(struct inode *inode, struct file *file)
790 {
791 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_raw_abi_show);
792 }
793
794 static const struct file_operations aa_fs_seq_raw_abi_fops = {
795 .owner = THIS_MODULE,
796 .open = aa_fs_seq_raw_abi_open,
797 .read = seq_read,
798 .llseek = seq_lseek,
799 .release = aa_fs_seq_profile_release,
800 };
801
802 static int aa_fs_seq_raw_hash_show(struct seq_file *seq, void *v)
803 {
804 struct aa_proxy *proxy = seq->private;
805 struct aa_label *label = aa_get_label_rcu(&proxy->label);
806 struct aa_profile *profile = labels_profile(label);
807 unsigned int i, size = aa_hash_size();
808
809 if (profile->rawdata->hash) {
810 for (i = 0; i < size; i++)
811 seq_printf(seq, "%.2x", profile->rawdata->hash[i]);
812 seq_puts(seq, "\n");
813 }
814 aa_put_label(label);
815
816 return 0;
817 }
818
819 static int aa_fs_seq_raw_hash_open(struct inode *inode, struct file *file)
820 {
821 return aa_fs_seq_profile_open(inode, file, aa_fs_seq_raw_hash_show);
822 }
823
824 static const struct file_operations aa_fs_seq_raw_hash_fops = {
825 .owner = THIS_MODULE,
826 .open = aa_fs_seq_raw_hash_open,
827 .read = seq_read,
828 .llseek = seq_lseek,
829 .release = aa_fs_seq_profile_release,
830 };
831
832 static ssize_t rawdata_read(struct file *file, char __user *buf, size_t size,
833 loff_t *ppos)
834 {
835 struct aa_loaddata *rawdata = file->private_data;
836
837 return simple_read_from_buffer(buf, size, ppos, rawdata->data,
838 rawdata->size);
839 }
840
841 static int rawdata_open(struct inode *inode, struct file *file)
842 {
843 struct aa_proxy *proxy = inode->i_private;
844 struct aa_label *label;
845 struct aa_profile *profile;
846
847 if (!policy_view_capable(NULL))
848 return -EACCES;
849 label = aa_get_label_rcu(&proxy->label);
850 profile = labels_profile(label);
851 file->private_data = aa_get_loaddata(profile->rawdata);
852 aa_put_label(label);
853
854 return 0;
855 }
856
857 static const struct file_operations aa_fs_rawdata_fops = {
858 .open = rawdata_open,
859 .read = rawdata_read,
860 .llseek = generic_file_llseek,
861 .release = rawdata_release,
862 };
863
864 /** fns to setup dynamic per profile/namespace files **/
865
866 /**
867 *
868 * Requires: @profile->ns->lock held
869 */
870 void __aa_fs_profile_rmdir(struct aa_profile *profile)
871 {
872 struct aa_profile *child;
873 int i;
874
875 if (!profile)
876 return;
877 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
878
879 list_for_each_entry(child, &profile->base.profiles, base.list)
880 __aa_fs_profile_rmdir(child);
881
882 for (i = AAFS_PROF_SIZEOF - 1; i >= 0; --i) {
883 struct aa_proxy *proxy;
884 if (!profile->dents[i])
885 continue;
886
887 proxy = d_inode(profile->dents[i])->i_private;
888 securityfs_remove(profile->dents[i]);
889 aa_put_proxy(proxy);
890 profile->dents[i] = NULL;
891 }
892 }
893
894 /**
895 *
896 * Requires: @old->ns->lock held
897 */
898 void __aa_fs_profile_migrate_dents(struct aa_profile *old,
899 struct aa_profile *new)
900 {
901 int i;
902
903 AA_BUG(!old);
904 AA_BUG(!new);
905 AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock));
906
907 for (i = 0; i < AAFS_PROF_SIZEOF; i++) {
908 new->dents[i] = old->dents[i];
909 if (new->dents[i])
910 new->dents[i]->d_inode->i_mtime = current_time(new->dents[i]->d_inode);
911 old->dents[i] = NULL;
912 }
913 }
914
915 static struct dentry *create_profile_file(struct dentry *dir, const char *name,
916 struct aa_profile *profile,
917 const struct file_operations *fops)
918 {
919 struct aa_proxy *proxy = aa_get_proxy(profile->label.proxy);
920 struct dentry *dent;
921
922 dent = securityfs_create_file(name, S_IFREG | 0444, dir, proxy, fops);
923 if (IS_ERR(dent))
924 aa_put_proxy(proxy);
925
926 return dent;
927 }
928
929 /**
930 *
931 * Requires: @profile->ns->lock held
932 */
933 int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
934 {
935 struct aa_profile *child;
936 struct dentry *dent = NULL, *dir;
937 int error;
938
939 AA_BUG(!profile);
940 AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock));
941
942 if (!parent) {
943 struct aa_profile *p;
944 p = aa_deref_parent(profile);
945 dent = prof_dir(p);
946 /* adding to parent that previously didn't have children */
947 dent = securityfs_create_dir("profiles", dent);
948 if (IS_ERR(dent))
949 goto fail;
950 prof_child_dir(p) = parent = dent;
951 }
952
953 if (!profile->dirname) {
954 int len, id_len;
955 len = mangle_name(profile->base.name, NULL);
956 id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
957
958 profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
959 if (!profile->dirname)
960 goto fail;
961
962 mangle_name(profile->base.name, profile->dirname);
963 sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
964 }
965
966 dent = securityfs_create_dir(profile->dirname, parent);
967 if (IS_ERR(dent))
968 goto fail;
969 prof_dir(profile) = dir = dent;
970
971 dent = create_profile_file(dir, "name", profile, &aa_fs_profname_fops);
972 if (IS_ERR(dent))
973 goto fail;
974 profile->dents[AAFS_PROF_NAME] = dent;
975
976 dent = create_profile_file(dir, "mode", profile, &aa_fs_profmode_fops);
977 if (IS_ERR(dent))
978 goto fail;
979 profile->dents[AAFS_PROF_MODE] = dent;
980
981 dent = create_profile_file(dir, "attach", profile,
982 &aa_fs_profattach_fops);
983 if (IS_ERR(dent))
984 goto fail;
985 profile->dents[AAFS_PROF_ATTACH] = dent;
986
987 if (profile->hash) {
988 dent = create_profile_file(dir, "sha1", profile,
989 &aa_fs_seq_hash_fops);
990 if (IS_ERR(dent))
991 goto fail;
992 profile->dents[AAFS_PROF_HASH] = dent;
993 }
994
995 if (profile->rawdata) {
996 dent = create_profile_file(dir, "raw_hash", profile,
997 &aa_fs_seq_raw_hash_fops);
998 if (IS_ERR(dent))
999 goto fail;
1000 profile->dents[AAFS_PROF_RAW_HASH] = dent;
1001
1002 dent = create_profile_file(dir, "raw_abi", profile,
1003 &aa_fs_seq_raw_abi_fops);
1004 if (IS_ERR(dent))
1005 goto fail;
1006 profile->dents[AAFS_PROF_RAW_ABI] = dent;
1007
1008 dent = securityfs_create_file("raw_data", S_IFREG | 0444, dir,
1009 profile->label.proxy,
1010 &aa_fs_rawdata_fops);
1011 if (IS_ERR(dent))
1012 goto fail;
1013 profile->dents[AAFS_PROF_RAW_DATA] = dent;
1014 d_inode(dent)->i_size = profile->rawdata->size;
1015 aa_get_proxy(profile->label.proxy);
1016 }
1017
1018 list_for_each_entry(child, &profile->base.profiles, base.list) {
1019 error = __aa_fs_profile_mkdir(child, prof_child_dir(profile));
1020 if (error)
1021 goto fail2;
1022 }
1023
1024 return 0;
1025
1026 fail:
1027 error = PTR_ERR(dent);
1028
1029 fail2:
1030 __aa_fs_profile_rmdir(profile);
1031
1032 return error;
1033 }
1034
1035 static int ns_mkdir_op(struct inode *dir, struct dentry *dentry, umode_t mode)
1036 {
1037 struct aa_ns *ns, *parent;
1038 /* TODO: improve permission check */
1039 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
1040 int error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
1041 aa_end_current_label(label);
1042 if (error)
1043 return error;
1044
1045 parent = aa_get_ns(dir->i_private);
1046 AA_BUG(d_inode(ns_subns_dir(parent)) != dir);
1047
1048 /* we have to unlock and then relock to get locking order right
1049 * for pin_fs
1050 */
1051 inode_unlock(dir);
1052 error = securityfs_pin_fs();
1053 inode_lock_nested(dir, I_MUTEX_PARENT);
1054 if (error)
1055 return error;
1056
1057 error = __securityfs_setup_d_inode(dir, dentry, mode | S_IFDIR, NULL,
1058 NULL, NULL);
1059 if (error)
1060 return error;
1061
1062 ns = aa_create_ns(parent, ACCESS_ONCE(dentry->d_name.name), dentry);
1063 if (IS_ERR(ns)) {
1064 error = PTR_ERR(ns);
1065 ns = NULL;
1066 }
1067
1068 aa_put_ns(ns); /* list ref remains */
1069 aa_put_ns(parent);
1070
1071 return error;
1072 }
1073
1074 static int ns_rmdir_op(struct inode *dir, struct dentry *dentry)
1075 {
1076 struct aa_ns *ns, *parent;
1077 /* TODO: improve permission check */
1078 struct aa_label *label = aa_begin_current_label(DO_UPDATE);
1079 int error = aa_may_manage_policy(label, NULL, AA_MAY_LOAD_POLICY);
1080 aa_end_current_label(label);
1081 if (error)
1082 return error;
1083
1084 parent = aa_get_ns(dir->i_private);
1085 /* rmdir calls the generic securityfs functions to remove files
1086 * from the apparmor dir. It is up to the apparmor ns locking
1087 * to avoid races.
1088 */
1089 inode_unlock(dir);
1090 inode_unlock(dentry->d_inode);
1091
1092 mutex_lock(&parent->lock);
1093 ns = aa_get_ns(__aa_findn_ns(&parent->sub_ns, dentry->d_name.name,
1094 dentry->d_name.len));
1095 if (!ns) {
1096 error = -ENOENT;
1097 goto out;
1098 }
1099 AA_BUG(ns_dir(ns) != dentry);
1100
1101 __aa_remove_ns(ns);
1102 aa_put_ns(ns);
1103
1104 out:
1105 mutex_unlock(&parent->lock);
1106 inode_lock_nested(dir, I_MUTEX_PARENT);
1107 inode_lock(dentry->d_inode);
1108 aa_put_ns(parent);
1109
1110 return error;
1111 }
1112
1113 static const struct inode_operations ns_dir_inode_operations = {
1114 .lookup = simple_lookup,
1115 .mkdir = ns_mkdir_op,
1116 .rmdir = ns_rmdir_op,
1117 };
1118
1119 /**
1120 *
1121 * Requires: @ns->lock held
1122 */
1123 void __aa_fs_ns_rmdir(struct aa_ns *ns)
1124 {
1125 struct aa_ns *sub;
1126 struct aa_profile *child;
1127 int i;
1128
1129 if (!ns)
1130 return;
1131 AA_BUG(!mutex_is_locked(&ns->lock));
1132
1133 list_for_each_entry(child, &ns->base.profiles, base.list)
1134 __aa_fs_profile_rmdir(child);
1135
1136 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1137 mutex_lock(&sub->lock);
1138 __aa_fs_ns_rmdir(sub);
1139 mutex_unlock(&sub->lock);
1140 }
1141
1142 if (ns_subns_dir(ns)) {
1143 sub = d_inode(ns_subns_dir(ns))->i_private;
1144 aa_put_ns(sub);
1145 }
1146 if (ns_subload(ns)) {
1147 sub = d_inode(ns_subload(ns))->i_private;
1148 aa_put_ns(sub);
1149 }
1150 if (ns_subreplace(ns)) {
1151 sub = d_inode(ns_subreplace(ns))->i_private;
1152 aa_put_ns(sub);
1153 }
1154 if (ns_subremove(ns)) {
1155 sub = d_inode(ns_subremove(ns))->i_private;
1156 aa_put_ns(sub);
1157 }
1158
1159 for (i = AAFS_NS_SIZEOF - 1; i >= 0; --i) {
1160 securityfs_remove(ns->dents[i]);
1161 ns->dents[i] = NULL;
1162 }
1163 }
1164
1165 /* assumes cleanup in caller */
1166 static int __aa_fs_ns_mkdir_entries(struct aa_ns *ns, struct dentry *dir)
1167 {
1168 struct dentry *dent;
1169
1170 AA_BUG(!ns);
1171 AA_BUG(!dir);
1172
1173 dent = securityfs_create_dir("profiles", dir);
1174 if (IS_ERR(dent))
1175 return PTR_ERR(dent);
1176 ns_subprofs_dir(ns) = dent;
1177
1178 dent = securityfs_create_dir("raw_data", dir);
1179 if (IS_ERR(dent))
1180 return PTR_ERR(dent);
1181 ns_subdata_dir(ns) = dent;
1182
1183 dent = securityfs_create_file(".load", 0666, dir, ns,
1184 &aa_fs_profile_load);
1185 if (IS_ERR(dent))
1186 return PTR_ERR(dent);
1187 aa_get_ns(ns);
1188 ns_subload(ns) = dent;
1189
1190 dent = securityfs_create_file(".replace", 0666, dir, ns,
1191 &aa_fs_profile_replace);
1192 if (IS_ERR(dent))
1193 return PTR_ERR(dent);
1194 aa_get_ns(ns);
1195 ns_subreplace(ns) = dent;
1196
1197 dent = securityfs_create_file(".remove", 0666, dir, ns,
1198 &aa_fs_profile_remove);
1199 if (IS_ERR(dent))
1200 return PTR_ERR(dent);
1201 aa_get_ns(ns);
1202 ns_subremove(ns) = dent;
1203
1204 /* use create_dentry so we can supply private data */
1205 dent = securityfs_create_dentry("namespaces",
1206 S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO,
1207 dir, ns, NULL,
1208 &ns_dir_inode_operations);
1209 if (IS_ERR(dent))
1210 return PTR_ERR(dent);
1211 aa_get_ns(ns);
1212 ns_subns_dir(ns) = dent;
1213
1214 return 0;
1215 }
1216
1217 /**
1218 *
1219 * Requires: @ns->lock held
1220 */
1221 int __aa_fs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
1222 struct dentry *dent)
1223 {
1224 struct aa_ns *sub;
1225 struct aa_profile *child;
1226 struct dentry *dir;
1227 int error;
1228
1229 AA_BUG(!ns);
1230 AA_BUG(!parent);
1231 AA_BUG(!mutex_is_locked(&ns->lock));
1232
1233 if (!name)
1234 name = ns->base.name;
1235
1236 if (!dent) {
1237 /* create ns dir if it doesn't already exist */
1238 dent = securityfs_create_dir(name, parent);
1239 if (IS_ERR(dent))
1240 goto fail;
1241 } else
1242 dget(dent);
1243 ns_dir(ns) = dir = dent;
1244 error = __aa_fs_ns_mkdir_entries(ns, dir);
1245 if (error)
1246 goto fail2;
1247
1248 /* profiles */
1249 list_for_each_entry(child, &ns->base.profiles, base.list) {
1250 error = __aa_fs_profile_mkdir(child, ns_subprofs_dir(ns));
1251 if (error)
1252 goto fail2;
1253 }
1254
1255 /* subnamespaces */
1256 list_for_each_entry(sub, &ns->sub_ns, base.list) {
1257 mutex_lock(&sub->lock);
1258 error = __aa_fs_ns_mkdir(sub, ns_subns_dir(ns), NULL, NULL);
1259 mutex_unlock(&sub->lock);
1260 if (error)
1261 goto fail2;
1262 }
1263
1264 return 0;
1265
1266 fail:
1267 error = PTR_ERR(dent);
1268
1269 fail2:
1270 __aa_fs_ns_rmdir(ns);
1271
1272 return error;
1273 }
1274
1275
1276 #define list_entry_is_head(pos, head, member) (&pos->member == (head))
1277
1278 /**
1279 * __next_ns - find the next namespace to list
1280 * @root: root namespace to stop search at (NOT NULL)
1281 * @ns: current ns position (NOT NULL)
1282 *
1283 * Find the next namespace from @ns under @root and handle all locking needed
1284 * while switching current namespace.
1285 *
1286 * Returns: next namespace or NULL if at last namespace under @root
1287 * Requires: ns->parent->lock to be held
1288 * NOTE: will not unlock root->lock
1289 */
1290 static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns)
1291 {
1292 struct aa_ns *parent, *next;
1293
1294 AA_BUG(!root);
1295 AA_BUG(!ns);
1296 AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock));
1297
1298 /* is next namespace a child */
1299 if (!list_empty(&ns->sub_ns)) {
1300 next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
1301 mutex_lock(&next->lock);
1302 return next;
1303 }
1304
1305 /* check if the next ns is a sibling, parent, gp, .. */
1306 parent = ns->parent;
1307 while (ns != root) {
1308 mutex_unlock(&ns->lock);
1309 next = list_next_entry(ns, base.list);
1310 if (!list_entry_is_head(next, &parent->sub_ns, base.list)) {
1311 mutex_lock(&next->lock);
1312 return next;
1313 }
1314 ns = parent;
1315 parent = parent->parent;
1316 }
1317
1318 return NULL;
1319 }
1320
1321 /**
1322 * __first_profile - find the first profile in a namespace
1323 * @root: namespace that is root of profiles being displayed (NOT NULL)
1324 * @ns: namespace to start in (MAY BE NULL)
1325 *
1326 * Returns: unrefcounted profile or NULL if no profile
1327 * Requires: ns.lock to be held
1328 */
1329 static struct aa_profile *__first_profile(struct aa_ns *root, struct aa_ns *ns)
1330 {
1331 AA_BUG(!root);
1332 AA_BUG(ns && !mutex_is_locked(&ns->lock));
1333
1334 for (; ns; ns = __next_ns(root, ns)) {
1335 if (!list_empty(&ns->base.profiles))
1336 return list_first_entry(&ns->base.profiles,
1337 struct aa_profile, base.list);
1338 }
1339 return NULL;
1340 }
1341
1342 /**
1343 * __next_profile - step to the next profile in a profile tree
1344 * @profile: current profile in tree (NOT NULL)
1345 *
1346 * Perform a depth first traversal on the profile tree in a namespace
1347 *
1348 * Returns: next profile or NULL if done
1349 * Requires: profile->ns.lock to be held
1350 */
1351 static struct aa_profile *__next_profile(struct aa_profile *p)
1352 {
1353 struct aa_profile *parent;
1354 struct aa_ns *ns = p->ns;
1355
1356 AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock));
1357
1358 /* is next profile a child */
1359 if (!list_empty(&p->base.profiles))
1360 return list_first_entry(&p->base.profiles, typeof(*p),
1361 base.list);
1362
1363 /* is next profile a sibling, parent sibling, gp, sibling, .. */
1364 parent = rcu_dereference_protected(p->parent,
1365 mutex_is_locked(&p->ns->lock));
1366 while (parent) {
1367 p = list_next_entry(p, base.list);
1368 if (!list_entry_is_head(p, &parent->base.profiles, base.list))
1369 return p;
1370 p = parent;
1371 parent = rcu_dereference_protected(parent->parent,
1372 mutex_is_locked(&parent->ns->lock));
1373 }
1374
1375 /* is next another profile in the namespace */
1376 p = list_next_entry(p, base.list);
1377 if (!list_entry_is_head(p, &ns->base.profiles, base.list))
1378 return p;
1379
1380 return NULL;
1381 }
1382
1383 /**
1384 * next_profile - step to the next profile in where ever it may be
1385 * @root: root namespace (NOT NULL)
1386 * @profile: current profile (NOT NULL)
1387 *
1388 * Returns: next profile or NULL if there isn't one
1389 */
1390 static struct aa_profile *next_profile(struct aa_ns *root,
1391 struct aa_profile *profile)
1392 {
1393 struct aa_profile *next = __next_profile(profile);
1394 if (next)
1395 return next;
1396
1397 /* finished all profiles in namespace move to next namespace */
1398 return __first_profile(root, __next_ns(root, profile->ns));
1399 }
1400
1401 /**
1402 * p_start - start a depth first traversal of profile tree
1403 * @f: seq_file to fill
1404 * @pos: current position
1405 *
1406 * Returns: first profile under current namespace or NULL if none found
1407 *
1408 * acquires first ns->lock
1409 */
1410 static void *p_start(struct seq_file *f, loff_t *pos)
1411 {
1412 struct aa_profile *profile = NULL;
1413 struct aa_ns *root = aa_get_current_ns();
1414 loff_t l = *pos;
1415 f->private = root;
1416
1417 /* find the first profile */
1418 mutex_lock(&root->lock);
1419 profile = __first_profile(root, root);
1420
1421 /* skip to position */
1422 for (; profile && l > 0; l--)
1423 profile = next_profile(root, profile);
1424
1425 return profile;
1426 }
1427
1428 /**
1429 * p_next - read the next profile entry
1430 * @f: seq_file to fill
1431 * @p: profile previously returned
1432 * @pos: current position
1433 *
1434 * Returns: next profile after @p or NULL if none
1435 *
1436 * may acquire/release locks in namespace tree as necessary
1437 */
1438 static void *p_next(struct seq_file *f, void *p, loff_t *pos)
1439 {
1440 struct aa_profile *profile = p;
1441 struct aa_ns *ns = f->private;
1442 (*pos)++;
1443
1444 return next_profile(ns, profile);
1445 }
1446
1447 /**
1448 * p_stop - stop depth first traversal
1449 * @f: seq_file we are filling
1450 * @p: the last profile writen
1451 *
1452 * Release all locking done by p_start/p_next on namespace tree
1453 */
1454 static void p_stop(struct seq_file *f, void *p)
1455 {
1456 struct aa_profile *profile = p;
1457 struct aa_ns *root = f->private, *ns;
1458
1459 if (profile) {
1460 for (ns = profile->ns; ns && ns != root; ns = ns->parent)
1461 mutex_unlock(&ns->lock);
1462 }
1463 mutex_unlock(&root->lock);
1464 aa_put_ns(root);
1465 }
1466
1467 /**
1468 * seq_show_profile - show a profile entry
1469 * @f: seq_file to file
1470 * @p: current position (profile) (NOT NULL)
1471 *
1472 * Returns: error on failure
1473 */
1474 static int seq_show_profile(struct seq_file *f, void *p)
1475 {
1476 struct aa_profile *profile = (struct aa_profile *)p;
1477 struct aa_ns *root = f->private;
1478
1479 aa_label_seq_xprint(f, root, &profile->label,
1480 FLAG_SHOW_MODE | FLAG_VIEW_SUBNS, GFP_KERNEL);
1481 seq_printf(f, "\n");
1482
1483 return 0;
1484 }
1485
1486 static const struct seq_operations aa_fs_profiles_op = {
1487 .start = p_start,
1488 .next = p_next,
1489 .stop = p_stop,
1490 .show = seq_show_profile,
1491 };
1492
1493 static int profiles_open(struct inode *inode, struct file *file)
1494 {
1495 if (!policy_view_capable(NULL))
1496 return -EACCES;
1497
1498 return seq_open(file, &aa_fs_profiles_op);
1499 }
1500
1501 static int profiles_release(struct inode *inode, struct file *file)
1502 {
1503 return seq_release(inode, file);
1504 }
1505
1506 static const struct file_operations aa_fs_profiles_fops = {
1507 .open = profiles_open,
1508 .read = seq_read,
1509 .llseek = seq_lseek,
1510 .release = profiles_release,
1511 };
1512
1513
1514 /** Base file system setup **/
1515 static struct aa_fs_entry aa_fs_entry_file[] = {
1516 AA_FS_FILE_STRING("mask", "create read write exec append mmap_exec " \
1517 "link lock"),
1518 { }
1519 };
1520
1521 static struct aa_fs_entry aa_fs_entry_ptrace[] = {
1522 AA_FS_FILE_STRING("mask", "read trace"),
1523 { }
1524 };
1525
1526 static struct aa_fs_entry aa_fs_entry_signal[] = {
1527 AA_FS_FILE_STRING("mask", AA_FS_SIG_MASK),
1528 { }
1529 };
1530
1531 static struct aa_fs_entry aa_fs_entry_domain[] = {
1532 AA_FS_FILE_BOOLEAN("change_hat", 1),
1533 AA_FS_FILE_BOOLEAN("change_hatv", 1),
1534 AA_FS_FILE_BOOLEAN("change_onexec", 1),
1535 AA_FS_FILE_BOOLEAN("change_profile", 1),
1536 AA_FS_FILE_BOOLEAN("stack", 1),
1537 AA_FS_FILE_BOOLEAN("fix_binfmt_elf_mmap", 1),
1538 AA_FS_FILE_STRING("version", "1.2"),
1539 { }
1540 };
1541
1542 static struct aa_fs_entry aa_fs_entry_versions[] = {
1543 AA_FS_FILE_BOOLEAN("v5", 1),
1544 AA_FS_FILE_BOOLEAN("v6", 1),
1545 AA_FS_FILE_BOOLEAN("v7", 1),
1546 { }
1547 };
1548
1549 static struct aa_fs_entry aa_fs_entry_policy[] = {
1550 AA_FS_DIR("versions", aa_fs_entry_versions),
1551 AA_FS_FILE_BOOLEAN("set_load", 1),
1552 { }
1553 };
1554
1555 static struct aa_fs_entry aa_fs_entry_mount[] = {
1556 AA_FS_FILE_STRING("mask", "mount umount"),
1557 { }
1558 };
1559
1560 static struct aa_fs_entry aa_fs_entry_ns[] = {
1561 AA_FS_FILE_BOOLEAN("profile", 1),
1562 AA_FS_FILE_BOOLEAN("pivot_root", 1),
1563 { }
1564 };
1565
1566 static struct aa_fs_entry aa_fs_entry_dbus[] = {
1567 AA_FS_FILE_STRING("mask", "acquire send receive"),
1568 { }
1569 };
1570
1571 static struct aa_fs_entry aa_fs_entry_features[] = {
1572 AA_FS_DIR("policy", aa_fs_entry_policy),
1573 AA_FS_DIR("domain", aa_fs_entry_domain),
1574 AA_FS_DIR("file", aa_fs_entry_file),
1575 AA_FS_DIR("network", aa_fs_entry_network),
1576 AA_FS_DIR("mount", aa_fs_entry_mount),
1577 AA_FS_DIR("namespaces", aa_fs_entry_ns),
1578 AA_FS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
1579 AA_FS_DIR("rlimit", aa_fs_entry_rlimit),
1580 AA_FS_DIR("caps", aa_fs_entry_caps),
1581 AA_FS_DIR("ptrace", aa_fs_entry_ptrace),
1582 AA_FS_DIR("signal", aa_fs_entry_signal),
1583 AA_FS_DIR("dbus", aa_fs_entry_dbus),
1584 { }
1585 };
1586
1587 static struct aa_fs_entry aa_fs_entry_apparmor[] = {
1588 AA_FS_FILE_FOPS(".access", 0666, &aa_fs_access),
1589 AA_FS_FILE_FOPS(".stacked", 0666, &aa_fs_stacked),
1590 AA_FS_FILE_FOPS(".ns_stacked", 0666, &aa_fs_ns_stacked),
1591 AA_FS_FILE_FOPS(".ns_level", 0666, &aa_fs_ns_level),
1592 AA_FS_FILE_FOPS(".ns_name", 0666, &aa_fs_ns_name),
1593 AA_FS_FILE_FOPS("profiles", 0444, &aa_fs_profiles_fops),
1594 AA_FS_DIR("features", aa_fs_entry_features),
1595 { }
1596 };
1597
1598 static struct aa_fs_entry aa_fs_entry =
1599 AA_FS_DIR("apparmor", aa_fs_entry_apparmor);
1600
1601 /**
1602 * aafs_create_file - create a file entry in the apparmor securityfs
1603 * @fs_file: aa_fs_entry to build an entry for (NOT NULL)
1604 * @parent: the parent dentry in the securityfs
1605 *
1606 * Use aafs_remove_file to remove entries created with this fn.
1607 */
1608 static int __init aafs_create_file(struct aa_fs_entry *fs_file,
1609 struct dentry *parent)
1610 {
1611 int error = 0;
1612
1613 fs_file->dentry = securityfs_create_file(fs_file->name,
1614 S_IFREG | fs_file->mode,
1615 parent, fs_file,
1616 fs_file->file_ops);
1617 if (IS_ERR(fs_file->dentry)) {
1618 error = PTR_ERR(fs_file->dentry);
1619 fs_file->dentry = NULL;
1620 }
1621 return error;
1622 }
1623
1624 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir);
1625 /**
1626 * aafs_create_dir - recursively create a directory entry in the securityfs
1627 * @fs_dir: aa_fs_entry (and all child entries) to build (NOT NULL)
1628 * @parent: the parent dentry in the securityfs
1629 *
1630 * Use aafs_remove_dir to remove entries created with this fn.
1631 */
1632 static int __init aafs_create_dir(struct aa_fs_entry *fs_dir,
1633 struct dentry *parent)
1634 {
1635 struct aa_fs_entry *fs_file;
1636 struct dentry *dir;
1637 int error;
1638
1639 dir = securityfs_create_dir(fs_dir->name, parent);
1640 if (IS_ERR(dir))
1641 return PTR_ERR(dir);
1642 fs_dir->dentry = dir;
1643
1644 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
1645 if (fs_file->v_type == AA_FS_TYPE_DIR)
1646 error = aafs_create_dir(fs_file, fs_dir->dentry);
1647 else
1648 error = aafs_create_file(fs_file, fs_dir->dentry);
1649 if (error)
1650 goto failed;
1651 }
1652
1653 return 0;
1654
1655 failed:
1656 aafs_remove_dir(fs_dir);
1657
1658 return error;
1659 }
1660
1661 /**
1662 * aafs_remove_file - drop a single file entry in the apparmor securityfs
1663 * @fs_file: aa_fs_entry to detach from the securityfs (NOT NULL)
1664 */
1665 static void __init aafs_remove_file(struct aa_fs_entry *fs_file)
1666 {
1667 if (!fs_file->dentry)
1668 return;
1669
1670 securityfs_remove(fs_file->dentry);
1671 fs_file->dentry = NULL;
1672 }
1673
1674 /**
1675 * aafs_remove_dir - recursively drop a directory entry from the securityfs
1676 * @fs_dir: aa_fs_entry (and all child entries) to detach (NOT NULL)
1677 */
1678 static void __init aafs_remove_dir(struct aa_fs_entry *fs_dir)
1679 {
1680 struct aa_fs_entry *fs_file;
1681
1682 for (fs_file = fs_dir->v.files; fs_file && fs_file->name; ++fs_file) {
1683 if (fs_file->v_type == AA_FS_TYPE_DIR)
1684 aafs_remove_dir(fs_file);
1685 else
1686 aafs_remove_file(fs_file);
1687 }
1688
1689 aafs_remove_file(fs_dir);
1690 }
1691
1692 /**
1693 * aa_destroy_aafs - cleanup and free aafs
1694 *
1695 * releases dentries allocated by aa_create_aafs
1696 */
1697 void __init aa_destroy_aafs(void)
1698 {
1699 aafs_remove_dir(&aa_fs_entry);
1700 }
1701
1702
1703 #define NULL_FILE_NAME ".null"
1704 struct path aa_null;
1705
1706 static int aa_mk_null_file(struct dentry *parent)
1707 {
1708 struct vfsmount *mount = NULL;
1709 struct dentry *dentry;
1710 struct inode *inode;
1711 int count = 0;
1712 int error = simple_pin_fs(parent->d_sb->s_type, &mount, &count);
1713 if (error)
1714 return error;
1715
1716 inode_lock(d_inode(parent));
1717 dentry = lookup_one_len(NULL_FILE_NAME, parent, strlen(NULL_FILE_NAME));
1718 if (IS_ERR(dentry)) {
1719 error = PTR_ERR(dentry);
1720 goto out;
1721 }
1722 inode = new_inode(parent->d_inode->i_sb);
1723 if (!inode) {
1724 error = -ENOMEM;
1725 goto out1;
1726 }
1727
1728 inode->i_ino = get_next_ino();
1729 inode->i_mode = S_IFCHR | S_IRUGO | S_IWUGO;
1730 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
1731 init_special_inode(inode, S_IFCHR | S_IRUGO | S_IWUGO,
1732 MKDEV(MEM_MAJOR, 3));
1733 d_instantiate(dentry, inode);
1734 aa_null.dentry = dget(dentry);
1735 aa_null.mnt = mntget(mount);
1736
1737 error = 0;
1738
1739 out1:
1740 dput(dentry);
1741 out:
1742 inode_unlock(d_inode(parent));
1743 simple_release_fs(&mount, &count);
1744 return error;
1745 }
1746
1747 /**
1748 * aa_create_aafs - create the apparmor security filesystem
1749 *
1750 * dentries created here are released by aa_destroy_aafs
1751 *
1752 * Returns: error on failure
1753 */
1754 static int __init aa_create_aafs(void)
1755 {
1756 struct dentry *dent;
1757 int error;
1758
1759 if (!apparmor_initialized)
1760 return 0;
1761
1762 if (aa_fs_entry.dentry) {
1763 AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
1764 return -EEXIST;
1765 }
1766
1767 /* Populate fs tree. */
1768 error = aafs_create_dir(&aa_fs_entry, NULL);
1769 if (error)
1770 goto error;
1771
1772 dent = securityfs_create_file(".load", 0666, aa_fs_entry.dentry,
1773 NULL, &aa_fs_profile_load);
1774 if (IS_ERR(dent)) {
1775 error = PTR_ERR(dent);
1776 goto error;
1777 }
1778 ns_subload(root_ns) = dent;
1779
1780 dent = securityfs_create_file(".replace", 0666, aa_fs_entry.dentry,
1781 NULL, &aa_fs_profile_replace);
1782 if (IS_ERR(dent)) {
1783 error = PTR_ERR(dent);
1784 goto error;
1785 }
1786 ns_subreplace(root_ns) = dent;
1787
1788 dent = securityfs_create_file(".remove", 0666, aa_fs_entry.dentry,
1789 NULL, &aa_fs_profile_remove);
1790 if (IS_ERR(dent)) {
1791 error = PTR_ERR(dent);
1792 goto error;
1793 }
1794 ns_subremove(root_ns) = dent;
1795
1796 mutex_lock(&root_ns->lock);
1797 error = __aa_fs_ns_mkdir(root_ns, aa_fs_entry.dentry, "policy", NULL);
1798 mutex_unlock(&root_ns->lock);
1799
1800 if (error)
1801 goto error;
1802
1803 error = aa_mk_null_file(aa_fs_entry.dentry);
1804 if (error)
1805 goto error;
1806
1807 if (!aa_g_unconfined_init) {
1808 /* TODO: add default profile to apparmorfs */
1809 }
1810
1811 /* Report that AppArmor fs is enabled */
1812 aa_info_message("AppArmor Filesystem Enabled");
1813 return 0;
1814
1815 error:
1816 aa_destroy_aafs();
1817 AA_ERROR("Error creating AppArmor securityfs\n");
1818 return error;
1819 }
1820
1821 fs_initcall(aa_create_aafs);
ubuntu-zesty-kernel mirror